False positive?


7 replies to this topic

#1 jeanbal

jeanbal

    Advanced Member

  • Members
  • 30 posts

Posted 22 January 2009 - 08:33 PM

Is it a malware?
win32tr/-/newmedia
hku s-1-5-18/software/1do-bfc9-00aa005b4383
hkus-1-5-2-365139939/-/tions:nobrowseroption
hku:default/software/-/xplorer/toolbar:locked
hku:s-1-5-18/software/-/xplorer/toolbar:locked

#2 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • 8814 posts

Posted 23 January 2009 - 02:01 AM

Hi jeanbal,

If you could post the logs from the scan that would sure help. Here is a guide on how to do that.
http://www.lavasofts...showtopic=18033

That will give our Research Team the info needed to investigate further for you.
Please do NOT send Private Messages to Staff or helpers to request assistance! We do not give personal support via PM. The way to request help is to post a NEW TOPIC in the appropriate forum.

Look for the *New Topic* Button near the top right when viewing the forums.

Here in the forums, replies are posted to topics only. Thank you for your understanding and cooperation!
Plus and Pro Ad-Aware users (only) may use the Support Center for personal assistance:
Support Center


Microsoft MVP/Windows - Security 2003-2009

#3 jeanbal

jeanbal

    Advanced Member

  • Members
  • 30 posts

Posted 23 January 2009 - 03:29 PM

> Hi jeanbal,
>
> If you could post the logs from the scan that would sure help. Here is a guide on how to do that.
> http://www.lavasofts...showtopic=18033
>
> That will give our Research Team the info needed to investigate further for you.



here is the log

Attached Files



#4 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1529 posts

Posted 24 January 2009 - 08:20 AM

Hi jeanbal,

Thanks for posting the log file. We will investigate further - if this is a false positive, it will be removed from the detection database.

Regards,

Andy
Lavasoft Research
unsolicited@tenalia.com

#5 RDR

RDR

    Newbie

  • Members
  • 1 posts

Posted 25 January 2009 - 04:57 PM

I ran Ad-Aware 2008 regularly. Today I downloaded and ran for the first time the Ad-Aware Anniversary Edition. It found Win32Tr\.\NewMedia (as did the initial poster). (I think it was a "." and not a "-", but I could be wrong). I allowed the program to delete it and am running a full scan of the hard drive with Ad-Aware (so far it's clean). However I have Norton 360 and keep it up to date so I would be surprised if there were a real threat on this hard drive. Anyway, I felt I should report it here. And I don't know if I can send you the file as an attachment because I am already rerunning Ad-Aware; if it is possible I will attempt to do so.

I wish to thank all of you at Ad-Aware / Lavasoft for all of the work you do to supply millions of us with a free tool for identifying and removing cookies and malware. That is increasingly rare in our society and world. I just wish to express my appreciation.

#6 LS Andy

LS Andy

    Lavasoft Staff/Forum Overlord

  • Root Admin
  • 1529 posts

Posted 26 January 2009 - 07:24 AM

@RDR - thanks for your report and kind words. We really appreciate it!

@jeanbal - one of the registry keys in your report is known to be hijacked by Win32.TrojanDownloader.NewMedia; however, there were no actual Win32.TrojanDownloader.NewMedia files on your PC. The detection used to flag the registry keys in our database was too 'aggressive', which I have fixed. This fix will be available as of the next definition file update 0146.0001. Thanks for providing so much information!

Regards,

Andy
Lavasoft Research

#7 PeteL

PeteL

    Newbie

  • Members
  • 1 posts

Posted 01 February 2009 - 03:38 PM

> @RDR - thanks for your report and kind words. We really appreciate it!
>
> @jeanbal - one of the registry keys in your report is known to be hijacked by Win32.TrojanDownloader.NewMedia; however, there were no actual Win32.TrojanDownloader.NewMedia files on your PC. The detection used to flag the registry keys in our database was too 'aggressive', which I have fixed. This fix will be available as of the next definition file update 0146.0001. Thanks for providing so much information!
>
> Regards,
>
> Andy
> Lavasoft Research


OK, I hit the same false positive and followed the recommendation to quarantine. What's to be done now? Should it be restored or just left alone?

#8 LS CalamityJane

LS CalamityJane

    Former Lavasoft Staff

  • Members
  • 8814 posts

Posted 14 February 2009 - 05:09 AM

I believe this one was resolved in a subsequent update. Moving this topic to the *Resolved* section (read only).

If you are still having a problem, please post a new topic so we can take a fresh look at it.

For posting about False positives, please use this Guide
http://www.lavasofts...showtopic=18033